Slashdot Mirror

← Back to Stories (view on slashdot.org)

Experts Call For Preserving Copper, Pneumatic Systems As Hedge For Cyber Risk (securityledger.com)

Posted by BeauHD on from the old-vs-new dept.

chicksdaddy quotes a report from The Security Ledger: The United States should invest resources in preserving aging, analog infrastructure including telecommunications networks that use copper wire and pneumatic pumps used to pump water as a hedge against the growing threat of global disruption resulting from a cyber attack on critical infrastructure, two researchers at MITRE argue. The researchers, Emily Frye and Quentin Hodgson with The MITRE Corporation, note that critical infrastructure is increasingly run from converged IP (Internet Protocol) based networks that are vulnerable to cyber attack. That includes so-called "lifelines" -- essential functions like water, electricity, communications, transportation and emergency services. That marks a critical departure from the past when such systems were isolated from the internet and other general purpose networks. "Each lifeline rides on, and is threaded together by, digital systems. And humans have yet to design a digital system that cannot be compromised," they write. With such civilization-sustaining functions now susceptible to attack, the onus is on society to maintain a means of operating them that does not rely on digital controls, Fry and Hodgson write. In many cases, that means preserving an older generation of analog infrastructure and management systems that could be manually operated, The Security Ledger reports. From their article: "In the case of communications, for instance, what is required is the preservation of a base core of copper-enabled connectivity, and the perpetuation of skills and equipment parts to make analog telephones work. Today, we see a move to decommission the copper-wire infrastructure. From a pure business standpoint, decommissioning copper is the right thing to do; but from a public-safety and homeland security perspective, we should reconsider. Decommissioning copper increases homeland security risk, because failover planning calls simply for relying on another server, router, or data center that is also subject to compromise."

11 of 169 comments (clear)

  1. I wonder if they realize... by ZorinLynx · · Score: 4, Insightful

    That ever since the 80s, those copper lines simply plug into a digital phone switch anyway?

    1. Re: I wonder if they realize... by Anonymous Coward · · Score: 2, Insightful

      Suppose you want to have two communication infrastructures, one in use and the other for backup. We are moving towards an all-cell infrastructure. They are saying the best choice for the other infrastructure is the copper phone network -- it exists and is pervasive (unlike cable or fiber). The other choice is to build something new. If you want to have two infrastructures, why would you dismantle the one you aren't using and build a new one you aren't going to use?

    2. Re:I wonder if they realize... by Gavagai80 · · Score: 3, Insightful

      Anyone with solar.

      --
      This space intentionally left blank
    3. Re: I wonder if they realize... by Anonymous Coward · · Score: 5, Insightful

      Why would you dismantle the copper phone network?

      Perhaps because it is (or seems to beancounters) expensive to maintain. The cables are quite old and do break and then need fixing. The thing is of course that it provides something you previously got "for free" as in you were paying for the network anyway and its resilience got taken for granted. Now, we're paying for something else, like computer networks, and don't see why we're still having to pay for "something we don't use" all that often. These people are saying the resilience we used to get for free (because the network was just that well-made) is important enough that we should keep the thing around.

      Me, I think that simply saying "keep the old stuff" isn't good enough. Instead, realise that traditional telco engineering is wildly different from the computer networks techie engineering, as can be seen from comparing, say, atm and ethernet. I'm not talking about bitrates, I'm talking about the other guarantees that atm does provide and ethernet hardware expects higher layers to "fix it in software" in spite of its best efforts to thwart it. It's a mindset difference.

      Computer network "engineering" is quite frequently "marginal in the best case is good enough", where telco engineering is more like "full service in the worst case and we'll reluctantly call it a day". I'm not talking telco management stupidity and incessant price gauging, I'm talking engineering mind-set. Traditionally-engineered telephone service will continue during black-outs, despite the hardware obviously needing power to do so. Modern, "converged" telephone service very likely won't, for so many reasons it's not funny any longer.

      So I think that in the long run it's going to be cheaper and more functional to remember how and why the POTS was engineered like it was, and do something similar with modern technology. Perhaps as a second network for critical infrastructure, since you really should keep it separate from the other networks anyway, "converged" or not.

      But do it with tech that's closer to what's being used for the other network, like glass, only with much less complexity and more hard service guarantees, like battery backups, truly geographically diversified redundant routes, easily manufacturable parts, and low-power hardware so the batteries last longer, perhaps with solar panels to power distribution points, and so on, and so forth. You can do a lot here beyond relying on century-old tech. But if that old tech truly is the best, then we'll use that. It's about functionality that the modern stuff simply doesn't provide and isn't really designed for, not clinging to times past.

  2. Re:Oblig by 0100010001010011 · · Score: 3, Insightful

    Mechanical offline safeties wouldn't be a bad idea for a lot of things.

  3. Um No, That is Not The Solution by LeftCoastThinker · · Score: 3, Insightful

    Um no, that is not the solution, the solution is to air gap anything you cant afford to have break due to hacking, and hunt down criminal hackers around the world. Treat state sponsored hacking like an act of war, and make sure everyone knows you will respond with devastating force.

    Air gapping critical infrastructure should be a federal law, because anything connected can eventually be hacked given enough time and resources.

    --
    If you disagree, please post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like
    1. Re:Um No, That is Not The Solution by Gavagai80 · · Score: 3, Insightful

      Treat state sponsored hacking like an act of war, and make sure everyone knows you will respond with devastating force.

      Unlike a bomb, it can be very difficult to definitively establish state-sponsored hacking as responsible for an attack. You can't (or shouldn't) start a devastating war over a gut feeling.

      --
      This space intentionally left blank
  4. Disconnect and decentralize by Gravis+Zero · · Score: 5, Insightful

    If you want to prevent a wholesale shutdown of services by hackers then the best way to do that is to disconnect your most vital systems (water, electricity and transportation) from communications networks (the internet).

    * The last reason (price) for not using solar+battery almost everywhere is fading fast and we should encourage the proliferation of isolated power systems. With the exception of exotic locations, only businesses should need to have access to the power grid.
    * Depending on and funding combative nations to fuel our transportation has been foolish since day one, we need to switch to electric vehicles posthaste.
    * Finally, we need to start changing our water systems into closed loop systems to conserve the water we can access to minimize external dependency because the climate is changing.

    We have two choices: adapt or die.

    --
    Anons need not reply. Questions end with a question mark.
  5. Steampunk Copper Pipe Dreams by bill_mcgonigle · · Score: 3, Insightful

    Our society cannot function on steampunk technology - if it did it would be a different society, no matter how alluring the aesthetic.

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  6. Re:Copper is also digital by vtcodger · · Score: 5, Insightful

    Of course not. What they want is to quit using an obviously insecure technology designed for entertainment and casual communication for command and control of critical infrastructure. Maybe the internet can actually be secured. But so far, all the signs seem to say that it can not be -- at least not any time soon.

    Like the his faithful Indian companion Tonto used to ask the old Lone Ranger. "What now Kimosabe?"

    At least, these guys have a plan of sorts. Leave the phone lines in place. The financial community's response to similar problems is to pretend the problems don't exist. Anyone want to bet on THAT ending well?

    --
    You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
  7. Re:Just don't rely on a monoculture of systems by thegarbz · · Score: 3, Insightful

    The monoculture is unavoidable in industry unless you want to spend an exorbitant amount on service contracts and staff training. Latest trends tend towards reducing the different number of systems and the different platforms not only because of costs but also due to reliability reasons as a variety of different systems work in different ways and experts which are too thinly spread across platforms tend to make more mistakes.